EAS devices still sync after an account is disabled or a password is changed

Symptoms

Exchange ActiveSync (EAS) devices continue to synchronize after their account has been disabled. Devices also connect using an old password, after the password has been changed.

Cause

When an EAS device is set to synchronize items as they arrive (Direct Push), any changes made to the user's account in Active Directory can require 8 to 24 hours before the device recognizes those changes.

When using Direct Push, devices maintain an open connection to the server. Any changes made after the connection is established will not take effect immediately.

Resolution

Any of the following methods will force the device to reconnect on a new connection.

Reset IIS

On the Client Access Server(s) that the device connects to, click Start, click Run and type CMD and then press ENTER.

Type iisreset and press ENTER.

This will restart IIS services. You can also use the Services.msc snap-in to manually Restart the IIS Admin service.

Depending on the device type, modify the synchronization settings to use a Manual sync and then wait a few minutes for the connection to be reset. On the next manual sync attempt, a new connection is established.

Shutdown the device

Power off the device and wait a few moments, then turn it back on.

More Information

For more information on this topic, including other services impacted in this scenario, see the following topic from the TechNet Wiki online:

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.